Tag archive for ‘3.61’

[FAKE] 3.anything – new downgrade method

by DCgh0st - on Jul 14th 2011 - 5 Comments

This is being reported as a fake; as I said, I haven’t tried it, so I am unable to confirm either way. It is probably best for users to ignore it for now and wait for Project PROGSKEET to become retail or go the infectus route.

Thanks to user Guest_1651 I bring you (pre 17th Feb 2009) PS3 owners good news. Clever so and so’s at thetechgame.com have found a way to downgrade PS3s (made before the 17th February 2009) to OFW 3.21, meaning of course that where you go from there is entirely up to you (REBUG anybody?)

The method is pretty long-winded and will NOT currently work on PS3s made AFTER February 17th 2009 (did I mention that already?). Also, the only “registration codes” (the code that corresponds to the firmware you want to end up on) made public at the moment are for phats, but slim ones are available by PM’ing the author of the original forum post here.

There are some issues to keep in mind first though:

You need 2 wireless controllers and cables for each

You need 2 4GB (NO SMALLER) USB sticks

You need a CD or old game (they don’t say how old but I’m guessing the older the better, or just stick to your bon jovi best of album)

You probably want someone with you, to keep pressing O, and call an ambulance when your heart gives out from the stress of possibly killing your lovely PS3.

I haven’t tried it myself as I’m still on 3.51 but from other members of thetechgame.com it seems to work.

I’m not going to post the tutorial here as I figure if you can’t even find the link to it above you will no doubt screw your PS3 up :p

If any of you guys try it please let us know how it goes, and follow the instructions to the T.

Have you updated your PS3 firmware?

by Dukio - on Jul 6th 2011 - 9 Comments

With the lure of the “Welcome Back” program as well as the release of the Uncharted 3 BETA on PSN, there is nothing wrong with admitting that you have updated your previously jailbroken PS3 console to an official firmware, despite what you can achieve with a CFW. So, have you?

Downgrade 3.6x 256 NAND Fats possible using Infectus! UPDATE: Slims in the works!

by Andrea1Liquid - on Jun 29th 2011 - 4 Comments

Yesterday a user at Elotrolado, dospiedras1973, found out and documented how to downgrade 3.6x FAT Consoles with NAND (sorry, NOR users). This is a quote from his post (translated with Google Translate):

Hello, I’ve been working on this project about two months now since I’ve gotten to work as public so that everyone can use, this tutorial is for consoles with 256MB NAND flash does not mean it does not work in 16MB in itself is changed almost the same in those with normal flash, but because even I have my fat fucking 16mb 80GB I have not been able to neither prove nor verified.

Nougat (the phrase I owe to some forero around here that I really liked the expression):

With INFECTUS flash0.bin and we get our nand flash1.bin as in the tutorial to repair bad lukin nands do the same process until we get our dump flashfinal.bin 256MB

nand we open this with a simple hex editor and look for this part editor

“00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0”

ay you will see that just under a very similar line, I find this data in the offset 000C0020 may vary according to the nand and the party starts here:-D

EVEN replace that line with the file if you use the hxd 1patchcos.bin get in the first 0 of the line -> right click and paste writing before you have to have an open 1patchcos.bin hxd in hex and copy its contents to can paste ..

then we find the second file to patch at hxd we dump on our part:

“00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40”

and in the same way as the first patched patched this also we take 2patchtrvk.bin pack the file and replace the entire contents including the
“00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40”

then we take the option we use reescramble flowrebuilder this dump so we rebuild our flash0.ECC.bin and flash1.ECC.bin

and flash the result, when you finish you will notice that the PS3 now has a nice on but black screen, we take our factory jig to put it into service mode and put it in factory, then we take the typical lv2diag of yore and the pup you please

(NOTE: the first pup that you put in will stay in the console as the minimum version that you can downgrade then, if you want to lose 3.55 to 3.41 then you will have to put the pup up to 3.41 before 3.55 or 3.55 will remain in that if cost will not rewrite the dump again to downgrade to lower the pup that you put the first time.)

then you put your factory lv2diag to leave the service and you’re

Note: this applies to repair the brick Waninkoko NAND NOT DONATED plates even sem-001 (tested) (and step downgrade xD)

Thanks:

all channel # irc-hispano darkps3 for supporting me for so long
to donate the INFECTUS austaquio32 to achieve to continue with my project
to Nodial2ne paid for the help locating files in the nand
to robs1 for helping throughout the process with ideas to make this possible

and everyone who was patient and not by private haunts me xD

pack:

http://pastebin.com/7tmtcdNN

Ingratitude:

er_poty: I do post, post it comes to creating private fights and telling him to send me get to the bottom of the shoes PDNKED

pd: I have 4 years unemployed, who selflessly want to donate something please contact me via private (sorry but I have 2 children and the PS3 does not give me to eat me or them xD)
either that or give me a job lene!

PS3s compatible with this method (thanks pdnked):
PS3 Fat:
CECHA = 256MB
CECHB = 256MB
CECHC = 256MB
CECHE = 256MB
CECHG = 256MB

Actually, this method is not new: it’s the same method math discussed at Psx-scene’s forums a while ago and an evolution of rms’ waninkoko unbricking method, thus it’s believed to be working. Remember, if you’re willing to test DO IT AT YOUR OWN RISK. Are you going to test this method? Or rather wait for a CFW? Let us know in the comment section below ;)

Thanks go to Guest_4026 for the tip ;)

UPDATE: dospiedras1973 is reporting his work on a slim method! Stay tuned for more updates! (Thanks to Sam for the tip ;) )

Source

Forget 3.61 CFW, 3.65 Official PS3 Firmware Has Now Arrived

by Dukio - on Jun 7th 2011 - 1 Comment

In a frantic fashion, Sony has released yet another new firmware within a month of the 3.61 release after the PSN outage. There are no major changes from the look of it, though it is kind of awkward that it shares the same update time frame with Nintendo’s 3DS, which has also received a new update to the handheld system.

In the new OFW notes there doesn’t seem to be any security fix mentioned, so the changes are probably just minor ones. That’s good news considering that a large crowd in the scene is spending its time looking for the infamous exploits “discovered” a long time ago, which could lead to a 3.61+ CFW (maybe a 3.65 CFW too). If only Mathieulh and other devs decide to break the ice..

Earlier tonight we released an optional system software update (v3.65) for PlayStation 3. This new firmware improves the operating stability of some PS3 format software, and changes the XMB item SaveData Utility (minis) to [SaveData Utility(minis/PSP)].

Again, this update is optional, and can be downloaded by selecting System Update from the Setting column of the XMB.

PS Blog

Waninkoko Talk About Creating 3.61 CFW

by Dukio - on Jun 7th 2011 - 4 Comments

Long-time PS3 scener from Spain, Waninkoko, has given his insight into the development of a 3.61 CFW and the consequences of running it. While I don’t get much of what he has been talking about on TeknoConsolas, he is certainly informative in bringing up metldr, appldr, lv2ldr, etc., the security architecture of the PS3, and in putting the spotlight on what to hack in order to decrypt those keys in the process of building the custom firmware.

Bah, I’m not even sure what I have been dissing about just now, but one thing is for sure: someone is looking to get the ludicrous 3.61 CFW out of its misery. And yeah, Waninkoko is probably returning to the scene after tweetedly leaving a few months ago. Check his translated post below (thanks to PS3-Addict for getting me a cache of the post after the original link went down):

Waninkoko’s 3.61 CFW theory

Private keys can not be calculated from a firmware >= 3.56, and they ARE NOT AVAILABLE, and this, no site … They are private, and only the Sony has.
If we were able to extract a time it was a mistake by Sony developers, who applied the wrong encryption algorithm, which helped us with some data and mathematical operations to calculate the private keys.

You can create a CFW 3.61, the only obstacle are the public keys, which can be extracted, with varying degrees of difficulty, but they can be …
Each loader is encrypted with a private key, and decrypts it with the corresponding public key.
Loader but the lowest level in FW, stood and decrypts it with the root key, which is invariable, because-as the root public key used to encrypt and decipher what is in the Loader Metldr.

Obviously, this Metldr should have the public key used to decrypt the Loader, and not Metldr IN NO EVENT be updated. So the root key can not be changed from one version to another firmware, because-that nothing would work.

So if we want to create a CFW 3.61, by changing the LV2 to add new functions, we have the whole chain of hacker Loaders to reach the final.

Example:

METLDR -> LV0LDR -> LV0 -> LV1LDR -> LV1 -> LV2LDR -> LV2

It’s more or less the chain of Loaders, I do not know if there are some variations in FW 3.61.

METLDR, as I said can not be updated

METLDR decrypts LV0LDR with the Root Key (LV0LDR Loader is the lowest level, if it fails METLDR) and executes it.

LV0LDR decrypts LV0 with the LV0-Key (this key can be changed between different firmware versions because LV0LDR can be updated, by encrypting LV0 with a private key and updating LV0LDR so that it decrypts it with the corresponding new public key), and executes it.

LV0 decrypts LV1LDR ….

blah …

LV2LDR decrypts LV2 with the LV2-Key and executes it.

However, if we want a CFW, we must decipher LV0LDR (with the Root Key, which was published by Geohot and that will never change), change LV0LDR change the encryption key LV0 (it is a key exchange can to decrypt an encrypted LV0 with a private key that we know of) …

What private key? any … since it is us who will impede the key … we figure LV0LDR with the Root Key, you can then edit however you want LV0 LV0 now that is decrypted with a different public key, which we know the private key.
It modifies the whole chain up Loaders LV2, modifying and encrypting it with the new key that we have chosen …

This is the method in its broad lines (when I say encrypt / decrypt, I am not referring to the content of Loaders, because it works with-AES is a symmetric encryption which makes no sense talk about key public / private, I really am referring to the root of these Loaders, signature, which uses RSA and intervene where the public / private key, with the sole purpose of verifying that these were not Loaders modified).

For FW 3.61, the subject is a bit more complex, because the public key-RSA and AES are not easy to obtain, but there are ways to get them, people who possess them, it’s not impossible …

Now he must know that CFW can be installed only if you are on a FW 3.55 or lower, because the early versions use a higher discount new mode, which verifies the packets (data on PUP), checking of new signatures (which did not previously exist and which are now mandatory), we do not own, nor the public key or private key.

We can extract the public key, but the private key can be forgotten, and there is no form of chain to prevent it.
The “updater” is a separate application of FW and nothing to do with what has been explained above.

That said, switching to a CFW 3.56/3.60/3.61, you can not revert to another CFW (ie you are stuck with this version of CFW or an official FW), and it is inevitable. . because, said that in creating the CFW, you can change the VSH (or whatever it is), to use the old “update” (which does not check for new signatures and does nothing to install new CFW).

APPLDR or change to enable us to load the new “update”, but modified to not check for new signatures (the new “update” can be changed, of course, but we must also modify the APPLDR FW currently installed to re-encrypt this “update” with a private key known so that APPLDR be able to decrypt and execute).

He also posted some clarifications over his 3.61 CFW theory at Elotrolado.

1. I myself have said that somehow know some details of the FW 3.60/3.61, so if I dropped something wrong and tell, do not take this to the letter.

2. This is an explanation for that, with a vocabulary more or less simple, people will understand.

3. LV0LDR … I cast, but is normal when most of the knowledge I have a bit rusty (not that lv0ldr remembered at all in the time of writing the text, but I put so as is because the explanation I gave at first was not addressed to sceners far, so I cared little confused with bootldr lv0ldr and details LV0 load).

4. Mind you, when I talk about appldr to update, do not say that appldr care of it and the security checks, not even close. I mean, one option is to modify APPLDR in order to patch, and reforming the PUP updater and avoid check these headers (logically this method only allows you to upgrade to new CFW if you are in a CFW with APPLDR amended, and the PUP not work on other CFW or OFW).

Again, you do not take the text literally. NO is intended for the sceners, but ordinary people who have no idea about all this and wonders what happens to a CFW 3.60/3.61, omitting many details and going over things. And as I said in the text, 3.60/3.61 know certain details so I can be wrong at some point (rather text could be associated with CFW 3.56 in any case …).

Let us know what you think of Waninkoko’s theory: is it something viable for getting a 3.61 CFW up and running for the masses?
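The signed loader chain Waninkoko describes can be modelled in a few lines. This is an added example, not code from his post or from any firmware: the toy RSA keys, the stage layout and the payloads are constructed, and only the stage names come from the post. It shows at which link verification fails when a stage is altered.

```python
import copy
import hashlib

E = 65537  # public exponent shared by every toy key

def toy_key(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (illustration only, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def body(stage):
    # The signature covers the code AND the key the stage uses to check its successor.
    return b"|".join([stage["name"].encode(), stage["payload"], str(stage["next_pub"]).encode()])

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, stage):
    stage["sig"] = pow(digest(body(stage), key["n"]), key["d"], key["n"])
    return stage

def verify(pub_n, stage):
    return pow(stage["sig"], E, pub_n) == digest(body(stage), pub_n)

def build_chain(names, keys):
    """keys[i] signs stage i; stage i embeds the public modulus of keys[i + 1]."""
    chain = []
    for i, name in enumerate(names):
        next_pub = keys[i + 1]["n"] if i + 1 < len(names) else 0
        chain.append(sign(keys[i], {"name": name, "payload": b"code:" + name.encode(),
                                    "next_pub": next_pub}))
    return chain

def first_untrusted(root_pub, chain):
    """Walk from the immutable anchor; return the first stage that fails, or None."""
    trusted = root_pub
    for stage in chain:
        if not verify(trusted, stage):
            return stage["name"]
        trusted = stage["next_pub"]
    return None

def demo():
    names = ["LV0LDR", "LV0", "LV1LDR"]      # stage names taken from the post
    keys = [toy_key(61, 89), toy_key(107, 127), toy_key(521, 607)]
    outsider = toy_key(1279, 2203)            # a key pair the vendor never issued
    root_pub = keys[0]["n"]                   # fixed in the non-updatable first stage
    clean = build_chain(names, keys)

    patched = copy.deepcopy(clean)            # code changed, signature left alone
    patched[1]["payload"] += b"+patch"

    resigned = copy.deepcopy(clean)           # last stage re-signed with the outsider key
    resigned[2]["payload"] += b"+patch"
    sign(outsider, resigned[2])

    rekeyed = copy.deepcopy(resigned)         # parent also told to trust the outsider key
    rekeyed[1]["next_pub"] = outsider["n"]

    return {label: first_untrusted(root_pub, chain) for label, chain in
            [("clean", clean), ("patched", patched), ("resigned", resigned), ("rekeyed", rekeyed)]}

if __name__ == "__main__":
    print(demo())
```

In every altered case the walk stops at the first stage whose signature would have needed a private key the modifier does not hold, which is why the non-updatable anchor decides what the rest of the chain will accept.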

Do We Need 3.61 CFW?

by Dukio - on May 24th 2011 - 5 Comments

Amid the recent surprise in the scene over No_One group’s theoretical details on getting 2 firmwares onto a PS3, I’m asking myself: do we still need a 3.60, or probably 3.61, CFW?

The No_One hacking group has revealed a way to flash firmwares using the NOR flasher that would turn our wildest dream into reality: booting both 3.55 CFW and the latest official firmware available, 3.61 OFW, to taste PSN without any limitations. That alone would remove the need to go all gung-ho over a new CFW as soon as Sony releases new firmware. Also, the 3.60 and 3.61 firmware updates don’t carry anything significant that consumers would be looking forward to in terms of overall gaming and entertainment. Now, do we still need 3.61 CFW? I don’t think..

Ok, stop right there, I’m lying to myself, we do still need it. The only known way to get 3.61 CFW is by discovering the 3.6x keys, which would then lead to getting complete control over the console; a new hardware revision is the option Sony would have to take if they want to combat it. So, a much better solution, no?

Oh ya, we also had QA flagging, did not have real knowledge over that, although I have to say myself, I am really bad at making contradictions, sorry folks.

Dual-Firmware PS3? No_One Group Thinks It’s Possible!

by Dukio - on May 24th 2011 - No Comments

No, we’re not talking about booting up Linux and PS3 firmware on a PS3; we’re looking at two firmwares that we can boot on the console. Yes, everyone will jump to the idea of having a custom firmware (CFW) as well as the latest official firmware (OFW) in one house. Presenting No_One group’s hardware hacking guide, which takes you for a ride with the soon-to-be-selling-like-hot-cakes NOR flasher.

While I did not get much from their knowledge-filled PDF, it certainly opens up a wide array of possibilities, and someone may take this up and release a mind-blowing PS3 CFW, probably with 3.55 CFW and 3.61 OFW packed inside. For now though, we’ll need to see whether Mathieulh, rms and other known scene developers agree with what No_One has to offer in their intriguing hacking theories. Let’s just not get our hopes up just yet, folks.

Here is the email excerpt from No_One group via PSX-Scene:

05/23/2011 For Immediate Release:

PS3_Ed2.pdf

The beginning of dual-firmware PS3:

The technique outlined in the .PDF will help people learn more about 3.6x firmwares.

The solution relies on the implementation of a second NOR/NAND Flash.
Some technical limitations have been identified. But time will help us to remove them.

The information in the document is still theoretical for the moment, however please post results from your testing.

We believe knowledge and information wants to be free.

Learn what you can and help contribute to making the PS3 scene a better place.

Released by No_One.

Download PDF

L.A. Noire Patched To Work With 3.55 CFW

by Dukio - on May 21st 2011 - 18 Comments

Things have turned around for everyone who has been waiting to play L.A. Noire on their jailbroken PS3: Rockstar Games has released a patch update that now works on 3.55 CFW consoles. It’s the same method being used for other newly released PS3 games such as Brink.

To make sure that you have installed the patch correctly, follow these steps.

  1. Download EP1004-BLES00933_00-PATCHLANOIRE0001-A0101-V0100-PE.pkg
  2. Copy to your USB.
  3. Go to your PS3 XMB and find the Install Packages function.
  4. Install the package you downloaded from USB.
  5. Enjoy :)

Now, if your copy of L.A. Noire is from the US (BLUS30554), you need to install the same package as well, and after that, just download this PARAM and copy it to /dev_hdd0/GAMES/BLUS30554/PS3_GAME. You can use multiMAN’s built-in function or FTP for the transferring part.

We also have a report that the game would work on 3.41 too.

  1. You just need to download this EBOOT.BIN.
  2. Replace that EBOOT with the one on your backup. Open the PARAM.SFO with notepad and change 3.600 to 3.410.
  3. If your copy is US, change BLUS30554 to BLES00933.
  4. Save and close the editor.
  5. Enjoy your game on 3.41 :)

Thanks all for the tip! We are all up for some crime investigation.

3.61 Firmware Spoof Grants Access To PSN With 3.55 CFW?

by Dukio - on May 18th 2011 - 4 Comments

It seems there is a method circulating around the scene that lets you play online on PSN even if you are on 3.55 firmware. The rather dubious-looking method was first unveiled in a Brazilian PS3 hacking community by Xxmarcodeozxx, and some videos followed soon afterwards.

Quite a handful of people have tested the spoof method successfully, according to the posts in the forum threads. So, whether you are in or not is up to you, but I will post it here so that someone can look it up and verify the tutorial. Here, I have taken it from Elotrolado and auto-translated it.

Here’s the TUTORIAL STEP BY STEP FOR COD BLACK OPS
by the user er_popo
Requirements:
1.-have Rebug
2.-Install spoof 3.61
3.-Multimar or ftp

Tutorial to install the spoof:
1 .- Download This Package http://www.megaupload.com/?d=BDZBB9A4
2.-Extract the rar
3 .- Copy the dev_blind.pkg a Pendrive or External HDD formatted to FAT32.
4 .- Install the dev_blind on the console, then executed him.
5 .- OK, then tell them which has been installed, exit at O.
6 .- Enter through the Console FTP (File Manager or FTP Multimar BlackBox, of his preference), then look for the folder called dev_blin, get inside it and then copied the folder “vsh” of this package dev_blind, tell them if they want to replace the files, we Replace All.
7 .- Restart the console, turn it on, go to Settings> System Settings> System Information and you will see that the Version is 3.61.
This is the tutorial by [Marcodeoz]
Once installed you have to do this spoof another tutorial for the server mapper:
1 º Download the program. (It’s like a fuckpsn for COD)

http://www.megaupload.com/?d=PS9HOI07

2 º Open it, and leave an IP. If it matches your IP leave it, if not change it to the corresponding one.
3 º Go to ps3 network settings and configure all manual. In the Primary DNS put the ip of your PC and in the secondary put full value 8.
4 º Load the game from your loader and log from the xmb.
5 º you enter the game and finally enjoy the new COD.

In addition to that, there is also a report that says games that previously did not work with 3.55, such as Portal 2, are now working thanks to the spoofer. But, if anything, we should wait for a proper working version from the Rebug team. I really do think that they will get the job done, and if they do, you won’t need a 3.61 CFW.